08-18-2011 08:41 AM - edited 07-03-2021 08:35 PM
Hello
I have an interesting problem that I can't find a solution for.
Background info:
I'm setting up a Cisco Aironet 1141 (standalone mode, AP) to handle wireless traffic in the office. It gives out 2 mbssids, one of which authenticates domain users through a RADIUS server and places them in an appropriate VLAN (RADIUS options 64, 65, and 81). The other is a guest ssid that uses WPA-PSK and places users in the restricted guest VLAN. Physically, the AP is connected to a 3750 PoE Catalyst, to which RADIUS and DHCP servers are also connected. AP, SSIDs, RADIUS and EAP authentication all work. The configuration given below is a working configuration. People do get authenticated and do get placed in the appropriate vlan.
The problem is that, once authenticated, the "Obtaining IP Address" phase on the client hangs and most clients time out without getting an IP address. Given that the DHCP server is on the same switch and a test simple ASUS Wi-Fi IP gives out the same scenario (except the multiple VLAN) at the speed of light, I don't think that it's a problem with the network connections between clients and the DHCP server.
After reading some topics here, I realized that probably other communication will be extremely slow, as well, but haven't tested that for sure.
Clients are all non-Cisco - smartphones, notebooks, etc. Most of them are 802.11G, not N.
Configuration is attached below.
Does anyone have any ideas?
08-18-2011 08:54 AM
Can you post the config of the switch port the AP is connected to?
08-18-2011 08:21 PM
Sure, possibly relevant parts:
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause arp-inspection
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh authentication-retries 5
ip ssh logging events
ip ssh version 2
!
!
!
interface GigabitEthernet1/0/1
description Gi1/0/1 to CAT-CORE
switchport trunk encapsulation dot1q
switchport mode trunk
!
!
interface GigabitEthernet1/0/4
description Gi1/0/4 to RADIUS_serv
switchport access vlan 240
switchport mode access
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
!
interface GigabitEthernet1/0/8
description Gi1/0/8 to DHCP_serv
switchport access vlan 240
switchport mode access
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
!
interface GigabitEthernet1/0/11
description Aironet 1141 AIRONET-MO-1
switchport trunk encapsulation dot1q
switchport trunk native vlan 240
switchport trunk allowed vlan 240-246,248,249
switchport mode trunk
interface Vlan240
description Admin_Vlan
ip address 192.168.240.244 255.255.255.0
!
ip default-gateway 192.168.240.1
ip classless
no ip http server
ip http secure-server
!
08-18-2011 09:24 PM
I've tried manually setting port speed and duplex on both switch and AP, but that doesn't help. The clients' connections are still too slow. Some XP notebooks do get an IP address, but most other devices time out. The ones that do get an IP have a connection so slow that they are not able to really do anything.
08-19-2011 05:14 AM
Problem solved. Despite the fact that configuration is accepted, there is a note that:
"RADIUS-assigned VLANs are not supported when you enable multiple BSSIDs."
The way it works is that you do get an IP address from appropriate VLAN, but cannot send any traffic through the AP.
Solution is turning off mbssid configuration completely and leaving only 1 ssid in guest-mode.
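
A configuration check for the limitation described in the last post, as an added example that is not part of the original thread: it flags EAP-authenticated SSIDs in an autonomous AP configuration that also has multiple BSSIDs enabled. The sample configuration is constructed, and treating every EAP SSID as a candidate for RADIUS VLAN assignment is an assumption, because the VLAN attributes are set on the RADIUS server and do not appear in the AP config.

```python
import re

# Constructed sample of an autonomous Aironet config (not the poster's attachment).
SAMPLE_CONFIG = """\
dot11 mbssid
!
dot11 ssid CORP
   vlan 241
   authentication open eap eap_methods
   authentication network-eap eap_methods
   authentication key-management wpa
   mbssid guest-mode
!
dot11 ssid GUEST
   vlan 249
   authentication open
   authentication key-management wpa
   wpa-psk ascii 0 ExamplePassphrase
   mbssid guest-mode
!
interface Dot11Radio0
 mbssid
 ssid CORP
 ssid GUEST
"""

EAP_AUTH = re.compile(r"^authentication (open eap|network-eap)\b")

def parse_ssids(config):
    """Return {ssid_name: [sub-command lines]} for every 'dot11 ssid' block."""
    ssids, current = {}, None
    for line in config.splitlines():
        header = re.match(r"^dot11 ssid (\S+)", line)
        if header:
            current = ssids.setdefault(header.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # '!' or a new top-level command closes the block
    return ssids

def mbssid_enabled(config):
    """True if MBSSID is on globally ('dot11 mbssid') or on a radio ('mbssid')."""
    return any(l.strip() in ("dot11 mbssid", "mbssid") for l in config.splitlines())

def find_conflicts(config):
    """SSIDs using EAP (assumed RADIUS VLAN candidates) while MBSSID is enabled."""
    if not mbssid_enabled(config):
        return []
    return sorted(name for name, cmds in parse_ssids(config).items()
                  if any(EAP_AUTH.match(c) for c in cmds))
```

An empty result only means the AP config shows no conflict; whether the RADIUS server actually returns VLAN attributes still has to be checked on the server side.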